Sikur is defining the future of secure communication. Operating globally, it has offices in Latin America, United States, and Europe. Sikur works alongside governments and corporations that believe security is fundamental to the integrity of their work. We believe that security is not only about platforms and digital systems but is a mindset that surrounds every aspect of business.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

How do I update WhatsApp?

Android

Open the Google Play store

Tap the menu at the top left of the screen

Tap My Apps & Games

If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open

If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version

The latest version of WhatsApp on Android is 2.19.134

iOS

Open the App Store

At the bottom of the screen, tap Updates

If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open

If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version

The latest version of WhatsApp on iOS is 2.19.51

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.

Just like the previous campaign, the new phishing attack is based on the idea that a malicious web page can mimic the look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers.

Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab.

New Phishing Attack Mimics Mobile Browser Animation and Design

As you can see in the video, a malicious website that looks like Airbnb prompts users to authenticate using Facebook login, but upon clicking, the page displays a fake tab switching animation video aimed to trick users into thinking that their browsers are behaving normally.

“The Facebook login page is also definitely fake and is an overlay over the current page that makes it look like an authentic Facebook page,” Jebara said.

“From the moment a user accesses the malicious website, they are manipulated into performing actions that seem legitimate, all with the purpose of building up their confidence to submit their Facebook password at the final stage of the attack.”

Users who are not attentive to details and fail to spot the minor differences would eventually fill in the username and password fields on the phishing page, giving away their social media credentials to the attackers.

Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts.

The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.

Facebook said its security had not been compromised.

And the data had probably been obtained through malicious browser extensions.

Facebook added it had taken steps to prevent further accounts being affected.

The BBC understands many of the users whose details have been compromised are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.

The hackers offered to sell access for 10 cents (8p) per account. However, their advert has since been taken offline.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

Intimate correspondence

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

The cyber-security company Digital Shadows examined the claim on behalf of the BBC and confirmed that more than 81,000 of the profiles posted online as a sample contained private messages.

Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it.

The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

SAN FRANCISCO — A cybersecurity company said it had discovered a flaw in WhatsApp, the Facebook-owned messaging service with 1.5 billion users, that allows scammers to alter the content or change the identity of the sender of a previously delivered message.

By creating a hacked version of the WhatsApp application, scammers can change a “quote” — a feature that allows people within a chat to display a past message and reply to it — to give the impression that someone sent a message they did not actually send, according to the company, Check Point Software Technologies.

WhatsApp acknowledged that it was possible for someone to manipulate the quote feature, but the company disagreed that it was a flaw. WhatsApp said the system was working as it had intended, because the trade-offs to prevent such a deception by verifying every message on the platform would create an enormous privacy risk or bog down the service. The company said it worked to find and remove anyone using a fake WhatsApp application to spoof the service.

“We carefully reviewed this issue and it’s the equivalent of altering an email,” Carl Woog, a spokesman for WhatsApp, said in a statement. What Check Point discovered had nothing to do with the security of WhatsApp’s so-called end-to-end encryption, which ensures only the sender and recipient can read messages, he said.

WhatsApp has 1.5 billion users on its platform, making it the world’s most widely used messaging app. It has gained popularity for the simplicity and security of its service, providing encryption so that even the company does not know the content of its users’ messages. Facebook acquired WhatsApp in 2014 for $19 billion.

But it has come under fire in recent months for the spread of misinformation on its platform. In India, false rumors about child kidnappers circulating through WhatsApp led to mob violence. In Brazil, false stories about deadly reactions to vaccines for the yellow fever spread over the messaging service.

Is Facebook using your computer camera to read your facial expressions and determine how you feel about what you see on your screen? Is it using your phone’s microphone to eavesdrop on you and find out what television programs you watch? Is it tracking your phone’s location in the middle of the night to find out where you live?

Maybe not, or at least not yet. But the company has applied for patents to do all these things, and many others, all of them intended to study your behavior and personality and even predict your future, in order to better serve Facebook’s customers. You may think that’s you, but it’s actually Facebook’s advertisers, which account for 99 percent of its revenue.

Sahil Chinoy, a graphics editor for The New York Times, recently reviewed hundreds of Facebook’s patent applications and appropriately dubbed many of them “creepy.” Here are four of the creepiest:

1. A patent for using your device’s front facing camera to read your facial expressions and determine how you feel about what you see on the screen.

2. A patent for using your phone’s microphone to eavesdrop on you, determining which television programs you’re watching and whether the ads are muted. It would also use the electrical signals emitted by your television to identify programs.

3. A patent that would track your weekly routine. It might also use your phone’s location in the middle of the night to try to determine where you live (or at least sleep).

4. A patent that would use your posts and messages–and credit card transactions–to predict your major life events, such as a birth, marriage, graduation, or death. Advertisers particularly value knowing when such events might occur soon.

Does all this make the little hairs on the back of your neck stand on end? Not to worry, says Facebook VP Allen Lo, head of intellectual property. “Most of the technology outlined in these patents has not been included in any of our products, and never will be,” he told the Times in an email.

But, any way you look at it, that’s not a comforting response. Applying for a patent isn’t a quick or easy matter. It typically involves tens of thousands of dollars worth of attorney’s fees. It’s certainly true that companies sometimes patent a concept in anticipation that either they will be sued by a company using similar technology or will themselves initiate a lawsuit someday. But there’s simply no reason for Facebook to go to the time and expense of patenting all these sophisticated and invasive methods of data collection unless it plans to use them or at least thinks it might use them someday. Whether it ever uses these precise technologies, the company clearly intends to gain ever more precise information about its members and nonmembers so as to sell that info to those who can make use of it, or help advertisers more perfectly target their ads.

Facebook has repeatedly said it gives users total control over the information they voluntarily share with the platform. When pressed, Facebook CEO Mark Zuckerberg admitted to Congress that the company gathers “shadow profiles” on non-Facebook users–but insisted that it is simply tracking publicly available data.

But what about data Facebook collects, or may collect in the future, by spying on users through their cameras or listening through their smartphone microphones? Will it ask people to opt in before it begins gathering information this way? It’s hard to imagine even the most hard-core Facebook user giving permission for practices like these.

Can we trust Facebook not to do this stuff without asking permission first?

Facebook knows a lot about you, your likes and dislikes—it’s no surprise.

But did you know that if you have installed the Facebook Messenger app on your Android device, there is a chance that the company was collecting your contacts, SMS, and call history data at least until late last year?

A tweet from Dylan McKay, a New Zealand-based programmer, which received more than 38,000 retweets (at the time of writing), showed how he found his year-old data—including complete logs of incoming and outgoing calls and SMS messages—in an archive he downloaded (as a ZIP file) from Facebook.

Facebook has been collecting this data on its users for the last few years, which was even reported earlier in the media, but the story did not get much attention at the time.

With Facebook embroiled in controversy over its data-sharing practices since the Cambridge Analytica scandal last week, McKay's tweets went viral and have now fueled the never-ending privacy debate.

A Facebook spokesperson explained that, since almost all social networking sites are designed to make it easier for users to connect with their friends and family members, Facebook also uploads its users' contacts to offer the same.

As Ars reported, in older versions of Android, when permissions were a lot less strict, the Facebook app obtained the contacts permission at the time of installation, which automatically allowed the company access to call and message data.

Eventually, Google changed the way Android permissions worked in version 16 of its API, making them clearer and more granular by informing users whenever an app tries to use a permission.

A single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail.

First spotted by the Italian blog Mobile World, the potentially severe new bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software.

Like the previous ‘text bomb’ bug, the new flaw can easily be exploited by anyone: it only requires sending a single character from Telugu—a native Indian language spoken by about 70 million people in the country.

Once the recipient receives a simple message containing the symbol, or types that symbol into a text editor, the character immediately triggers crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple’s iOS Springboard.

Apps that receive the text bomb try to load the character, but fail and refuse to function properly until the character is removed—which usually can be done by deleting the entire conversation.

The easiest way to delete the offending message is by asking someone else to send a message to the app that is crashing due to the text bomb. This would allow you to jump directly into the notification and delete the entire thread containing the character.

The character can disable third-party apps like iMessage, Slack, Facebook Messenger, WhatsApp, Gmail, and Outlook for iOS, as well as Safari and Messages for the macOS versions.

Telegram and Skype users appear to be unaffected by the text bomb bug.